Criminal Web Mobs Responsible For Most Cyber Crime

New reports confirm what we’ve been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up corporations’ and financial institutions’ networks. According to a new Verizon report, a staggering 900 million records have been compromised in the past six years. Up to 85% of the breaches were blamed on organized criminals.

The hackers who infiltrate these networks include brilliant teens, 20-somethings, all the way up to clinical psychologists and organized, international cyber criminals. Many are from Russia and Eastern Europe.

Motivated by money and information, they either exploit flaws in applications to find their way inside networks, or they target their victims psychologically, tricking them into disclosing usernames and passwords, or clicking malicious links.

Flawed web applications often make these types of hacks possible. Criminals use “sniffers” to seek out flaws, and when they find them, the attack begins. Malware is generally used to extract usernames and passwords. Once the criminals have full access to a network, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

To protect yourself, update your PC’s basic security, including Windows updates and critical security patches. Make sure your antivirus software is up to date and set to run automatically. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through. Run spyware removal software. And set up your wireless network with a “key” or passcode so it’s not open to the public.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another data breach on Fox News. (Disclosures)

Are You Your Family’s Chief Security Officer?

Everyone’s job spills into their personal life is some way. I’m sure if your job is to clean offices all day, your home is probably clean. If you are a computer technician, your family bothers you every day to fix stuff. My guess is if you are a nurse, your kids are probably well taken care of.

My job is to scream about home security and other security issues all day. I’m pretty sure people are listening because they often thank me for the heads up and lately have been pointing to specific posts that saved them lots of headaches and heartache. In my home environment, I’m the CSO, Chief Security Officer, and security is an ongoing process that everyone is involved in. They have no choice. I bark it all day.

My belief is everyone has a job to do in personal safety. No matter what, you must protect yourself and family from the bad-guy. The hard part about this part time job is it requires a bit of thought. Because you’re not immersed in it all day like I am, the “second nature” part requires putting out a tiny bit of extra effort in order to complete whatever security task there may be at hand. To some people who are already burdened with life, a simple task like locking your doors or activating an alarm might be too much to think about.

I remember about 20 years ago I knew I wanted a safe. So I bought one. And that safe sat in my closet in the box for another 8 months until I actually bolted it to the floor and began to use it.  It took extra effort. Everything of significant monetary value that I don’t want stolen is easily locked up and fireproofed. Today it’s no effort.

Occasionally after a long day I go to bed and forget to set the alarm. But I always remember if I didn’t set it as my head hits the pillow, which means I get out of bed and set it. It’s a tiny bit of extra effort. Then I sleep better.  Security might not be your job, but it is really everyone’s job. Be the power of example and provide the leadership your family needs and be their Chief Security Officer.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.



Celebrity Burglaries and Home Invasions

I’m not one to dish on celebs, although I did just meet Mario Lopez on the set of EXTRA. Cool dude took a pic with me. Celebs are no different than you and I. They are fallible and vulnerable humans, who just get lots more attention.

With one big exception; they are much bigger targets than we are because often they are moneyed.

A half dozen teens from a hoity toity suburb of LA fancied the celeb lifestyle and considered themselves part of the “in” crowd. While they lived the celeb lifestyle by hanging out in all the clubs, staying up all night and doing drugs, their thirst for drugs led to the need for more money to pay for those drugs. So they started to steal. They first started to break into cars. That was their “gateway” felony which led to breaking into homes. They were dubbed the “Bling Ring” and many are now in jail.

Their methods were simple. They tracked their victims by using social media, Facebook and Twitter. They knew when they were home and when they were away.  They even used Google Earth to scope out their homes.

They would approach a home and knock on the door and ring the bell. If nobody was home they’d jiggle the door knob. When a door was locked they looked under the mat for a key and often found one.

In 2008 Paris Hiltons home was burglarized. Shortly afterwards she installed a burglar alarm to prevent another home invasion. Many people install an alarm after their house is robbed. They react emotionally opposed to being proactive with a home security installation to protect their homes and families.

Paris Hilton recently tweeted she was almost the victim of a home invasion by a man carrying two kitchen knives. Her publicist was quoted saying “”The security cameras and alarm system were alerted and the police immediately came to the house and arrested the intruder who was attempting to break a window when they arrived.”

Without an investment in security this could have been a lot worse. And situations like this happen to millions of “everyday” people annually. Protect yourself for a dollar a day with a monitored system.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Dealing with Online Harassment

I was watching Back to the Future II with a little person in my life and thought how funny it was that every time McFly was called a chicken he would accept the challenge and throw up his dukes. Maybe it’s funny to me because I’m kind of like McFly. When someone tosses out an insult or a challenge or baits me, my teeth come out and I’m ready for battle. I can’t help myself; I’m half Italian American and half German shepherd (and I’m not sure which half is worse).  Constructive feedback is one thing, but insults and attacking me is another.

I think most people at some level have a hard time with being mocked or personally castigated online or on the ground.  My mom used to say if you ignore them they will eventually go away. There is truth to that but it is easier said than done. Today’s advice might be to R.I.D yourself of the perp. That’s Report-Ignore-Delete.

Social networks are a minefield of messy comments and accusations that can invade your personal security. Anyone can set up a profile of someone else or post photos and videos or say awful things. The best thing you can do is simply manage things said about you.

To report someone on Facebook go to their profile and seek out in the bottom left corner “Report/Block this person” and you can remove them too. All sites allow you to remove those you are connected to.

Any Groups or pages that are designed with harassment in mind can be reported.

You can’t stop someone from posting a photo of you but you can remove any tags associated with photos on Facebook. If you see pictures that are harmful report them.

Most sites allow you to delete stuff on your feed or at least control who/what can be posted.

Most sites allow you to restrict access to your profile using various privacy settings

In email if you receive harassing messages most email providers allow blocking senders in the options menus. Otherwise create filters and automatically delete them. There is no need to engage in hate. Ignoring them by never seeing them is best.

You can also block text messages from unwanted callers. Why even give them the time of day. Ignore them and visit your carrier for instructions.

Monitor your children’s online profiles. Friend them to keep tabs. There are numerous programs that allow you to get snapshots of your kids social media activity. If you decide to install them have a conversation with your kids so they know why.

If any threats are ever made or harassment is taken to a level that deems a call to law enforcement, don’t hesitate to make the call.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. Shipping scams are a common tactic criminals use to employ mules to receive goods bought with stolen credit card numbers, who then ship to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)